
Cloud storage service Mega’s Chrome extension hacked to steal user logins; now fixed

A new, freshly-updated version of the extension is now available.

  • Updated: September 6, 2018 5:01 PM IST


Of the many features that make Google Chrome the most popular web browser in the world, extensions are probably the most important. These functionality-enhancing add-ons allow you to edit photos, listen to music, block ads, and do a lot more. Generally, extensions downloaded from Chrome’s ‘Web Store’ are safe and secure, but sometimes, things can go south.

In one such incident, popular cloud storage and file-hosting service Mega.nz had its Google Chrome extension compromised by hackers. The miscreants uploaded a malicious version of the extension to the Chrome Web Store, with the intention of stealing users’ login credentials for different online accounts.

Warning users about the incident, a blog post on Mega.nz’s website noted, “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or auto-update, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA’s real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.”
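The warning sign described in that post is an update that suddenly asks for access to every website. As an added example (not code from MEGA or Google), the check below compares the manifests of two extension versions and flags an update that newly requests all-site host access such as `<all_urls>`, which is what Chrome presents as "Read and change all your data on the websites you visit". The manifests and the `example-storage.test` host are constructed for illustration and are not MEGA's real files.

```javascript
// Match patterns whose host part is "*" (or the literal <all_urls>) cover every website.
const ALL_HOSTS = /^(\*|https?):\/\/\*\//;

function isBroad(pattern) {
  return pattern === "<all_urls>" || ALL_HOSTS.test(pattern);
}

// Collect every host pattern a manifest declares (Manifest V2 and V3 layouts).
function hostPatterns(manifest) {
  const fromScripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...fromScripts,
  ];
  // Keep match patterns only; API names such as "storage" are not host access.
  const looksLikeHost = (p) => typeof p === "string" && (p === "<all_urls>" || p.includes("://"));
  return new Set(declared.filter(looksLikeHost));
}

// Host patterns that appear only in the update; "broad" marks newly gained all-site access.
function permissionEscalation(oldManifest, newManifest) {
  const before = hostPatterns(oldManifest);
  const alreadyBroad = [...before].some(isBroad);
  return [...hostPatterns(newManifest)]
    .filter((p) => !before.has(p))
    .map((p) => ({ pattern: p, broad: isBroad(p) && !alreadyBroad }));
}

// Policy hook: hold an update for manual review if it gains all-site access.
function shouldHoldUpdate(oldManifest, newManifest) {
  return permissionEscalation(oldManifest, newManifest).some((f) => f.broad);
}

// Constructed manifests for a hypothetical extension.
const SITE = "https://example-storage.test/*";
const previous = { version: "1.0.0", manifest_version: 2, permissions: ["storage", SITE] };
const suspicious = { version: "1.0.1", manifest_version: 2,
  permissions: ["storage", SITE, "webRequest", "<all_urls>"] };
const benign = { version: "1.0.2", manifest_version: 2,
  permissions: ["storage", SITE, "https://*.example-storage.test/*"] };

console.log(permissionEscalation(previous, suspicious)); // flags <all_urls>
console.log(shouldHoldUpdate(previous, benign));
```

A check like this fits an enterprise extension review pipeline, where a flagged update is held back from auto-update until someone has looked at why the new access is needed.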


It’s worth mentioning that only those users who had Mega’s extension installed and configured to automatically update have been affected. The service has advised all those users to update their credentials on all websites/services that they access via Google Chrome.

Thankfully, Mega.nz updated the extension with a clean version (3.39.5), automatically updating affected installations. Just a little after that, Google removed the hacked extension from the Chrome Web Store.

When we checked ourselves, a new version (3.40.1) of the extension, updated on September 6, 2018, is available on the Chrome Web Store.

  • Published Date: September 6, 2018 3:37 PM IST